
New Vulnerabilities Found in Nuspire’s Q1 2022 Threat Report

by Helen J. Wolf

Nuspire’s Q1 2022 threat report revealed many new vulnerabilities that drove increased threat actor activity across all three classifications it examines: malware, botnets, and exploits.

Notable are several older botnets that saw a rebound in the first quarter, including Mirai, STRRAT, and Emotet.

Mirai, known for co-opting IoT devices to carry out DDoS attacks, peaked in activity in February 2022. This coincided with the discovery of Spring4Shell, a zero-day attack on the popular Java web application framework, Spring Core.

The report said the attack allows unauthenticated remote code execution, and evidence shows that the Mirai botnet exploited this vulnerability.

The STRRAT botnet, which steals information, logs keystrokes, and collects credentials from browsers and email clients, peaked in February. This data corresponds to recent announcements identifying a new STRRAT phishing campaign.

Nuspire chief security officer JR Cunningham said: “As Q4 2021 is a calmer quarter for cyber-attacks, we predicted Q1 2022 would see an uptick, and our data proves it.

“As zero-day attacks and a host of other vulnerabilities at major companies like Google and Microsoft come to light, threat actors are rapidly adapting their tactics, and these exploits are gaining industry attention, but the threat posed by older and well-understood attacks persists.

“It’s critical that businesses of all sizes understand the cost of these attacks and strengthen their security posture accordingly.”

Additional notable findings from Nuspire’s Q1 2022 Threat Report include:

The number of malware, botnet, and exploit activities increased by 4.76%, 12.21%, and 3.87%, respectively, from the fourth quarter of 2021.

Visual Basic for Applications (VBA) Trojans remain the most important malware variant, accounting for almost 30% of all malware variants. Notably, the activity spiked just before Microsoft announced plans to block VBA macros by default on Office products.

Brute force attacks, in which threat actors guess different combinations of potential passwords until the correct password is discovered, were by far the most popular exploit at 61%.

IDC Program Director for Security Services Craig Robinson says, “Securing comprehensive risk surfaces today requires organizations to combine 20/20 hindsight with an over-the-horizon view of current and potential future threats.

“Understanding the tactics, techniques, and procedures (TTPs) that attackers have used in the past does not lose value over time, as many of these exploits are repeated with small twists and turns to make them dangerous zero-day exploits.

“Combining this historical knowledge with curated threat intelligence that captures the current threat landscape is vital for organizations to survive in these perilous times.”

Nuspire’s report outlines new cybercriminal activities, tactics, techniques, and procedures (TTPs), data, and insight into malware, exploits, and botnet activities.

Nuspire is a managed security services provider offering managed security services, managed detection and response, endpoint detection and response (EDR) supporting best-in-class EDR solutions, and cybersecurity advisory services, including incident preparedness and response, threat modeling, digital forensics, technology optimization, attitude assessments and more.
